;;;;;;;;;;;; WARNING ;;;;;;;;;;;;; This is the default settings file for new PHP installations.; By default, PHP installs itself with a configuration suitable for; development purposes, and *NOT* for production purposes.; For several security-oriented considerations that should be taken; before going online with your site, please consult php.ini-recommended; and http://php.net/manual/en/security.php.

;;;;;;;;;;;;;;;;;;;; About this file ;;;;;;;;;;;;;;;;;;;;; This file controls many aspects of PHP's behavior. In order for PHP to; read it, it must be named 'php.ini'. PHP looks for it in the current; working directory, in the path designated by the environment variable; PHPRC, and in the path that was defined in compile time (in that order).; Under Windows, the compile-time path is the Windows directory. The; path in which the php.ini file is looked for can be overridden using; the -c argument in command line mode.;; The syntax of the file is extremely simple. Whitespace and Lines; beginning with a semicolon are silently ignored (as you probably guessed).; Section headers (e.g. [Foo]) are also silently ignored, even though; they might mean something in the future.;; Directives are specified using the following syntax:; directive=value; Directive names are *case sensitive* - foo=bar is different from FOO=bar.;; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one; of the INI constants (On, Off, True, False, Yes, No and None) or an expression; (e.g. E_ALL & ~E_NOTICE), or a quoted string ("foo").;; Expressions in the INI file are limited to bitwise operators and parentheses:; | bitwise OR; & bitwise AND; ~ bitwise NOT; ! boolean NOT;; Boolean flags can be turned on using the values 1, On, True or Yes.; They can be turned off using the values 0, Off, False or No.;; An empty string can be denoted by simply not writing anything after the equal; sign, or by using the None keyword:;; foo=; sets foo to an empty string; foo=none ; sets foo to an empty string; foo="none" ; sets foo to the string 'none';; If you use constants in your value, and these constants belong to a; dynamically loaded extension (either a PHP extension or a Zend extension),; you may only use these constants *after* the line that loads the extension.;; All the values in the php.ini-dist file correspond to the builtin; defaults (that is, if no php.ini is used, or if you delete these lines,; the builtin defaults will be identical).

;;;;;;;;;;;;;;;;;;;;; Language Options ;;;;;;;;;;;;;;;;;;;;;

; Enable the PHP scripting language engine under Apache.engine=On

; Allow the <? tag. Otherwise, only <?php and <script> tags are recognized. ; NOTE: Using short tags should be avoided when developing applications or; libraries that are meant for redistribution, or deployment on PHP; servers which are not under your control, because short tags may not; be supported on the target server. For portable, redistributable code,; be sure not to use short tags.short_open_tag=On

; Allow ASP-style <% %> tags.asp_tags=Off

; The number of significant digits displayed in floating point numbers.precision=12

; Output buffering allows you to send header lines (including cookies) even; after you send body content, at the price of slowing PHP's output layer a; bit. You can enable output buffering during runtime by calling the output; buffering functions. You can also enable output buffering for all files by; setting this directive to On. If you wish to limit the size of the buffer; to a certain size - you can use a maximum number of bytes instead of 'On', as; a value for this directive (e.g., output_buffering=4096).output_buffering=Off

; You can redirect all of the output of your scripts to a function. For; example, if you set output_handler to "mb_output_handler", character; encoding will be transparently converted to the specified encoding.; Setting any output handler automatically turns on output buffering.; Note: People who wrote portable scripts should not depend on this ini; directive. Instead, explicitly set the output handler using ob_start().; Using this ini directive may cause problems unless you know what script ; is doing.; Note: You cannot use both "mb_output_handler" with "ob_iconv_handler"; and you cannot use both "ob_gzhandler" and "zlib.output_compression". ;output_handler=

; Transparent output compression using the zlib library; Valid values for this option are 'off', 'on', or a specific buffer size; to be used for compression (default is 4KB); Note: Resulting chunk size may vary due to nature of compression. PHP ; outputs chunks that are few hundreds bytes each as a result of ; compression. If you prefer a larger chunk size for better ; performance, enable output_buffering in addition.; Note: You need to use zlib.output_handler instead of the standard; output_handler, or otherwise the output will be corrupted.zlib.output_compression=Off

; You cannot specify additional output handlers if zlib.output_compression; is activated here. This setting does the same as output_handler but in; a different order.;zlib.output_handler=

; Implicit flush tells PHP to tell the output layer to flush itself; automatically after every output block. This is equivalent to calling the; PHP function flush() after each and every call to print() or echo() and each; and every HTML block. Turning this option on has serious performance; implications and is generally recommended for debugging purposes only.implicit_flush=Off

; The unserialize callback function will called (with the undefind class'; name as parameter), if the unserializer finds an undefined class; which should be instanciated.; A warning appears if the specified function is not defined, or if the; function doesn't include/implement the missing class.; So only set this entry, if you really want to implement such a ; callback-function.unserialize_callback_func=

; Whether to enable the ability to force arguments to be passed by reference; at function call time. This method is deprecated and is likely to be; unsupported in future versions of PHP/Zend. The encouraged method of; specifying which arguments should be passed by reference is in the function; declaration. You're encouraged to try and turn this option Off and make; sure your scripts work properly with it in order to ensure they will work; with future versions of the language (you will receive a warning each time; you use this feature, and the argument will be passed by value instead of by; reference).allow_call_time_pass_reference=On

; Safe Mode;safe_mode=Off

; By default, Safe Mode does a UID compare check when; opening files. If you want to relax this to a GID compare,; then turn on safe_mode_gid.safe_mode_gid=Off

; When safe_mode is on, UID/GID checks are bypassed when; including files from this directory and its subdirectories.; (directory must also be in include_path or full path must; be used when including)safe_mode_include_dir=

; When safe_mode is on, only executables located in the safe_mode_exec_dir; will be allowed to be executed via the exec family of functions.safe_mode_exec_dir=

; Setting certain environment variables may be a potential security breach.; This directive contains a comma-delimited list of prefixes. In Safe Mode,; the user may only alter environment variables whose names begin with the; prefixes supplied here. By default, users will only be able to set; environment variables that begin with PHP_ (e.g. PHP_FOO=BAR).;; Note: If this directive is empty, PHP will let the user modify ANY; environment variable!safe_mode_allowed_env_vars=PHP_

; This directive contains a comma-delimited list of environment variables that; the end user won't be able to change using putenv(). These variables will be; protected even if safe_mode_allowed_env_vars is set to allow to change them.safe_mode_protected_env_vars=LD_LIBRARY_PATH

; open_basedir, if set, limits all file operations to the defined directory; and below. This directive makes most sense if used in a per-directory; or per-virtualhost web server configuration file. This directive is; *NOT* affected by whether Safe Mode is turned On or Off.;open_basedir=

; This directive allows you to disable certain functions for security reasons.; It receives a comma-delimited list of function names. This directive is; *NOT* affected by whether Safe Mode is turned On or Off.disable_functions=

;; Misc;; Decides whether PHP may expose the fact that it is installed on the server; (e.g. by adding its signature to the Web server header). It is no security; threat in any way, but it makes it possible to determine whether you use PHP; on your server or not.expose_php=On

;;;;;;;;;;;;;;;;;;;; Resource Limits ;;;;;;;;;;;;;;;;;;;;

max_execution_time=30 ; Maximum execution time of each script, in secondsmax_input_time=60 ; Maximum amount of time each script may spend parsing request datamemory_limit=8M ; Maximum amount of memory a script may consume (8MB)

; Print out errors (as a part of the output). For production web sites,; you're strongly encouraged to turn this feature off, and use error logging; instead (see below). Keeping display_errors enabled on a production web site; may reveal security information to end users, such as file paths on your Web; server, your database schema or other information.display_errors=On

; Even when display_errors is on, errors that occur during PHP's startup; sequence are not displayed. It's strongly recommended to keep; display_startup_errors off, except for when debugging.display_startup_errors=Off

; Log errors into a log file (server-specific log, stderr, or error_log (below)); As stated above, you're strongly advised to use error logging in place of; error displaying on production web sites.log_errors=Off

; Set maximum length of log_errors. In error_log information about the source is; added. The default is 1024 and 0 allows to not apply any maximum length at all.log_errors_max_len=1024

; Do not log repeated messages. Repeated errors must occur in same file on same; line until ignore_repeated_source is set true.ignore_repeated_errors=Off

; Ignore source of message when ignoring repeated messages. When this setting ; is On you will not log errors with repeated messages from different files or; sourcelines.ignore_repeated_source=Off

; If this parameter is set to Off, then memory leaks will not be shown (on; stdout or in the log). This has only effect in a debug compile, and if ; error reporting includes E_WARNING in the allowed listreport_memleaks=On

; Store the last error/warning message in $php_errormsg (boolean).track_errors=Off

; Disable the inclusion of HTML tags in error messages.;html_errors=Off

; If html_errors is set On PHP produces clickable error messages that direct ; to a page describing the error or function causing the error in detail.; You can download a copy of the PHP manual from http://www.php.net/docs.php ; and change docref_root to the base URL of your local copy including the; leading '/'. You must also specify the file extension being used including ; the dot.;docref_root=/phpmanual/;docref_ext=.html

; String to output before an error message.;error_prepend_string="<font color=ff0000>"

; String to output after an error message.;error_append_string="</font>"

; The separator used in PHP generated URLs to separate arguments.; Default is "&". ;arg_separator.output="&"

; List of separator(s) used by PHP to parse input URLs into variables.; Default is "&". ; NOTE: Every character in this directive is considered as separator!;arg_separator.input=";&"

; This directive describes the order in which PHP registers GET, POST, Cookie,; Environment and Built-in variables (G, P, C, E & S respectively, often; referred to as EGPCS or GPC). Registration is done from left to right, newer; values override older values.variables_order="EGPCS"

; Whether or not to register the EGPCS variables as global variables. You may; want to turn this off if you don't want to clutter your scripts' global scope; with user data. This makes most sense when coupled with track_vars - in which; case you can access all of the GPC variables through the $HTTP_*_VARS[],; variables.;; You should do your best to write your scripts so that they do not require; register_globals to be on; Using form variables as globals can easily lead; to possible security problems, if the code is not very well thought of.register_globals=On

; This directive tells PHP whether to declare the argv&argc variables (that; would contain the GET information). If you don't use these variables, you; should turn it off for increased performance.register_argc_argv=On

; Maximum size of POST data that PHP will accept.post_max_size=8M

; This directive is deprecated. Use variables_order instead.gpc_order="GPC"

; Automatically add files before or after any PHP document.auto_prepend_file=auto_append_file=

; As of 4.0b4, PHP always outputs a character encoding by default in; the Content-type: header. To disable sending of the charset, simply; set it to be empty.;; PHP's built-in default is text/htmldefault_mimetype="text/html";default_charset="iso-8859-1"

; Allow handling of WebDAV http requests within PHP scripts (eg.; PROPFIND, PROPPATCH, MOVE, COPY, etc..); If you want to get the post data of those requests, you have to; set always_populate_raw_post_data as well.;allow_webdav_methods=On

; The root of the PHP pages, used only if nonempty.; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root; if you are running php as a CGI under any web server (other than IIS); see documentation for security issues. The alternate is to use the; cgi.force_redirect configuration belowdoc_root=

; The directory under which PHP opens the script using /~username used only; if nonempty.user_dir=

; Directory in which the loadable extensions (modules) reside.extension_dir=extensions

; Whether or not to enable the dl() function. The dl() function does NOT work; properly in multithreaded servers, such as IIS or Zeus, and is automatically; disabled on them.enable_dl=On

; cgi.force_redirect is necessary to provide security running PHP as a CGI under; most web servers. Left undefined, PHP turns this on by default. You can; turn it off here AT YOUR OWN RISK; **You CAN safely turn this off for IIS, in fact, you MUST.**; cgi.force_redirect=1

; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape ; (iPlanet) web servers, you MAY need to set an environment variable name that PHP; will look for to know it is OK to continue execution. Setting this variable MAY; cause security issues, KNOW WHAT YOU ARE DOING FIRST.; cgi.redirect_status_env=;

; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate; security tokens of the calling client. This allows IIS to define the; security context that the request runs under. mod_fastcgi under Apache; does not currently support this feature (03/17/2002); Set to 1 if running under IIS. Default is zero.; fastcgi.impersonate=1;

; cgi.rfc2616_headers configuration option tells PHP what type of headers to; use when sending HTTP response code. If it's set 0 PHP sends Status: header that; is supported by Apache. When this option is set to 1 PHP will send; RFC2616 compliant header.; Set to 1 if running under IIS. Default is zero.;cgi.rfc2616_headers=0

; If your scripts have to deal with files from Macintosh systems,; or you are running on a Mac and need to deal with files from; unix or win32 systems, setting this flag will cause PHP to; automatically detect the EOL character in those files so that; fgets() and file() will work regardless of the source of the file.; auto_detect_line_endings=Off

;;;;;;;;;;;;;;;;;;;;;;; Dynamic Extensions ;;;;;;;;;;;;;;;;;;;;;;;;; If you wish to have an extension loaded automatically, use the following; syntax:;; extension=modulename.extension;; For example, on Windows:;; extension=msql.dll;; ... or under UNIX:;; extension=msql.so;; Note that it should be the name of the module only; no directory information ; needs to go here. Specify the location of the extension with the; extension_dir directive above.

;Windows Extensions;Note that MySQL and ODBC support is now built in, so no dll is needed for it.;;extension=php_bz2.dll;extension=php_cpdf.dll;extension=php_crack.dll;extension=php_curl.dll;extension=php_db.dll;extension=php_dba.dll;extension=php_dbase.dll;extension=php_dbx.dll;extension=php_domxml.dll;extension=php_exif.dll;extension=php_fbsql.dll;extension=php_fdf.dll;extension=php_filepro.dllextension=php_gd.dll;extension=php_gd2.dll;extension=php_gettext.dll;extension=php_hyperwave.dll;extension=php_iconv.dll;extension=php_ifx.dll;extension=php_iisfunc.dll;extension=php_imap.dll;extension=php_interbase.dll;extension=php_java.dll;extension=php_ldap.dll;extension=php_mbstring.dll;extension=php_mcrypt.dll;extension=php_mhash.dll;extension=php_mime_magic.dll;extension=php_ming.dll;extension=php_mssql.dll;extension=php_msql.dll;extension=php_oci8.dll;extension=php_openssl.dll;extension=php_oracle.dll;extension=php_pdf.dll;extension=php_pgsql.dll;extension=php_printer.dll;extension=php_shmop.dll;extension=php_snmp.dll;extension=php_sockets.dll;extension=php_sybase_ct.dll;extension=php_w32api.dll;extension=php_xmlrpc.dll;extension=php_xslt.dll;extension=php_yaz.dll;extension=php_zip.dll

;;;;;;;;;;;;;;;;;;;; Module Settings ;;;;;;;;;;;;;;;;;;;;

[Syslog]; Whether or not to define the various syslog variables (e.g. $LOG_PID,; $LOG_CRON, etc.). Turning it off is a good idea performance-wise. In; runtime, you can define these variables by calling define_syslog_variables().define_syslog_variables=Off

[mail function]; For Win32 only.SMTP= localhost ; for Win32 only

; For Win32 only.sendmail_from= me@localhost.com ; for Win32 only

; For Unix only. You may supply arguments as well (default: "sendmail -t -i").;sendmail_path=

; Handling of LONG fields. Returns number of bytes to variables. 0 means; passthru.odbc.defaultlrl=4096

; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char.; See the documentation on odbc_binmode and odbc_longreadlen for an explanation; of uodbc.defaultlrl and uodbc.defaultbinmodeodbc.defaultbinmode=1

[MySQL]; Allow or prevent persistent links.mysql.allow_persistent=On

; Maximum number of persistent links. -1 means no limit.mysql.max_persistent=-1

; Default port number for mysql_connect(). If unset, mysql_connect() will use; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the; compile-time value defined MYSQL_PORT (in that order). Win32 will only look; at MYSQL_PORT.mysql.default_port=

; Default socket name for local MySQL connects. If empty, uses the built-in; MySQL defaults.mysql.default_socket=

; Default password for mysql_connect() (doesn't apply in safe mode).; Note that this is generally a *bad* idea to store passwords in this file.; *Any* user with PHP access can run 'echo get_cfg_var("mysql.default_password"); and reveal this password! And of course, any users with read access to this; file will be able to reveal the password as well.mysql.default_password=

; Compatability mode with old versions of PHP 3.0.; If on, this will cause PHP to automatically assign types to results according; to their Sybase type, instead of treating them all as strings. This; compatability mode will probably not stay around forever, so try applying; whatever necessary changes to your code, and turn it off.sybase.compatability_mode=Off

[dbx]; returned column names can be converted for compatibility reasons; possible values for dbx.colnames_case are; "unchanged" (default, if not set); "lowercase"; "uppercase"; the recommended default is either upper- or lowercase, but; unchanged is currently set for backwards compatibilitydbx.colnames_case="unchanged"

[bcmath]; Number of decimal digits for all bcmath functions.bcmath.scale=0

; If on, select statements return the contents of a text blob instead of its id.ifx.textasvarchar=0

; If on, select statements return the contents of a byte blob instead of its id.ifx.byteasvarchar=0

; Trailing blanks are stripped from fixed-length char columns. May help the; life of Informix SE users.ifx.charasvarchar=0

; If on, the contents of text and byte blobs are dumped to a file instead of; keeping them in memory.ifx.blobinfile=0

; NULL's are returned as empty strings, unless this is set to 1. In that case,; NULL's are returned as string 'NULL'.ifx.nullformat=0

[Session]; Handler used to store/retrieve data.session.save_handler=files

; Argument passed to save_handler. In the case of files, this is the path; where data files are stored. Note: Windows users have to change this ; variable in order to use PHP's session functions.; As of PHP 4.0.1, you can define the path as:; session.save_path="N;/path"; where N is an integer. Instead of storing all the session files in ; /path, what this will do is use subdirectories N-levels deep, and ; store the session data in those directories. This is useful if you ; or your OS have problems with lots of files in one directory, and is ; a more efficient layout for servers that handle lots of sessions.; NOTE 1: PHP will not create this directory structure automatically.; You can use the script in the ext/session dir for that purpose.; NOTE 2: See the section on garbage collection below if you choose to; use subdirectories for session storagesession.save_path= C:\WEBSERVER\php4\sessiondata ; argument passed to save_handler

; Whether to use cookies.session.use_cookies=1

; This option enables administrators to make their users invulnerable to; attacks which involve passing session ids in URLs; defaults to 0.; session.use_only_cookies=1

; Name of the session (used as cookie name).session.name=PHPSESSID

; Initialize session on request startup.session.auto_start=0

; Lifetime in seconds of cookie or, if 0, until browser is restarted.session.cookie_lifetime=0

; The path for which the cookie is valid.session.cookie_path=/

; The domain for which the cookie is valid.session.cookie_domain=

; Handler used to serialize data. php is the standard serializer of PHP.session.serialize_handler=php

; Define the probability that the 'garbage collection' process is started; on every session initialization.; The probability is calculated by using gc_probability/gc_dividend,; e.g. 1/100 means 1%.

session.gc_probability=1session.gc_dividend=100

; After this number of seconds, stored data will be seen as 'garbage' and; cleaned up by the garbage collection process.; WARNING: Your filesystem must store access times. Windows FAT does; not. So, see session_set_save_handler() and write your own; session handler with a different mechanism for cleaning up sessions.session.gc_maxlifetime=1440

; NOTE: If you are using the subdirectory option for storing session files; (see session.save_path above), then garbage collection does *not*; happen automatically. You will need to do your own garbage ; collection through a shell script, cron entry, or some other method. ; For example, the following script would is the equivalent of; setting session.gc_maxlifetime to 1440 (1440 seconds=24 minutes):; cd /path/to/sessions; find -cmin +24 | xargs rm

; PHP 4.2 and less have an undocumented feature/bug that allows you to; to initialize a session variable in the global scope, albeit register_globals; is disabled. PHP 4.3 and later will warn you, if this feature is used.; You can disable the feature and the warning seperately. At this time,; the warning is only displayed, if bug_compat_42 is enabled.

session.bug_compat_42=1session.bug_compat_warn=1

; Check HTTP Referer to invalidate externally stored URLs containing ids.; HTTP_REFERER has to contain this substring for the session to be; considered as valid.session.referer_check=

; How many bytes to read from the file.session.entropy_length=0

; Specified here to create the session id.session.entropy_file=

;session.entropy_length=16

;session.entropy_file=/dev/urandom

; Set to {nocache,private,public,} to determine HTTP caching aspects; or leave this empty to avoid sending anti-caching headers.session.cache_limiter=nocache

; Document expires after n minutes.session.cache_expire=180

; trans sid support is disabled by default.; Use of trans sid may risk your users security. ; Use this option with caution.; - User may send URL contains active session ID; to other person via. email/irc/etc.; - URL that contains active session ID may be stored; in publically accessible computer.; - User may access your site with the same session ID; always using URL stored in browser's history or bookmarks.session.use_trans_sid=0

; The URL rewriter will look for URLs in a defined set of HTML tags.; form/fieldset are special; if you include them here, the rewriter will; add a hidden <input> field with the info which is otherwise appended; to URLs. If you want XHTML conformity, remove the form entry.; Note that all valid entries require a "=", even if no value follows.url_rewriter.tags="a=href,area=href,frame=src,input=src,form=,fieldset="

[MSSQL]; Allow or prevent persistent links.mssql.allow_persistent=On

; Maximum number of persistent links. -1 means no limit.mssql.max_persistent=-1

[Crack]; Modify the setting below to match the directory location of the cracklib; dictionary files. Include the base filename, but not the file extension.; crack.default_dictionary="c:\php\lib\cracklib_dict"

[exif]; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS. ; With mbstring support this will automatically be converted into the encoding; given by corresponding encode setting. When empty mbstring.internal_encoding ; is used. For the decode settings you can distinguish between motorola and ; intel byte order. A decode setting cannot be empty.;exif.encode_unicode=ISO-8859-15;exif.decode_unicode_motorola=UCS-2BE;exif.decode_unicode_intel=UCS-2LE;exif.encode_jis=;exif.decode_jis_motorola=JIS;exif.decode_jis_intel=JIS